Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,164
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,458
Pub
12
RubyGems
991
Rust
1,184
Swift
50
Unreviewed advisories
All unreviewed
5,000+

13,473 advisories

Loading
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows... Low Unreviewed
CVE-2026-32445 was published Mar 13, 2026
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to... Low Unreviewed
CVE-2026-22210 was published Mar 13, 2026
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could... Low Unreviewed
CVE-2025-14811 was published Mar 13, 2026
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could... Low Unreviewed
CVE-2025-13718 was published Mar 13, 2026
Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning Low
GHSA-q926-c743-49qj was published for github.com/centrifugal/centrifugo/v6 (Go) Mar 13, 2026
VarshankNaik Credited to VarshankNaik
OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode Low
GHSA-qvr7-g57c-mrc7 was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even... Low Unreviewed
CVE-2025-13462 was published Mar 12, 2026
Sveltejs devalue's `devalue.parse` and `devalue.unflatten` emit objects with `__proto__` own properties Low
GHSA-mwv9-gp5h-frr4 was published for devalue (npm) Mar 12, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github, KarimPwnz, wim-vercel, and mattiasljungstrom KarimPwnz KarimPwnz
wim-vercel wim-vercel mattiasljungstrom mattiasljungstrom
@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch Low
CVE-2026-32236 was published for @backstage/plugin-auth-backend (npm) Mar 12, 2026
Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html` Low
CVE-2026-32109 was published for copyparty (pip) Mar 12, 2026
thesanjok Credited to thesanjok
Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access Low
CVE-2026-32108 was published for copyparty (pip) Mar 12, 2026
thesanjok Credited to thesanjok
Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity Low
CVE-2026-31873 was published for unhead (npm) Mar 12, 2026
simonkoeck Credited to simonkoeck
Keycloak vulnerable to authorization bypass via the Admin API Low
CVE-2026-2366 was published for @keycloak/keycloak-admin-client (Maven) Mar 12, 2026
A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The... Low Unreviewed
CVE-2026-4012 was published Mar 12, 2026
@whyour/qinglong: manipulation of the argument command leads to protection mechanism failure Low
CVE-2026-3965 was published for @whyour/qinglong (npm) Mar 12, 2026
Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71... Low Unreviewed
CVE-2026-3929 was published Mar 12, 2026
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content... Low Unreviewed
CVE-2025-62328 was published Mar 12, 2026
A potential vulnerability was reported in the Lenovo FileZ Android application that, under... Low Unreviewed
CVE-2026-0520 was published Mar 11, 2026
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper... Low Unreviewed
CVE-2026-24508 was published Mar 11, 2026
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access... Low Unreviewed
CVE-2026-24509 was published Mar 11, 2026
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01... Low Unreviewed
CVE-2026-1471 was published Mar 11, 2026
An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02... Low Unreviewed
CVE-2026-1524 was published Mar 11, 2026
Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to... Low Unreviewed
CVE-2026-1497 was published Mar 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18... Low Unreviewed
CVE-2025-12697 was published Mar 11, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8... Low Unreviewed
CVE-2025-12704 was published Mar 11, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database